|
Home > Archive > IIS Server Security > July 2004 > Integrated Windows security from a DMZ.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Integrated Windows security from a DMZ.
|
|
| John Giblin 2004-07-09, 12:01 pm |
| I am putting one of my web server in the DMZ. I wanted to know what I
had to do in order for the "Integrated Windows security" to work.
Thanks.
John
| |
|
|
| LiveUnDead 2004-07-09, 4:13 pm |
| Where is the domain controller for the domain this server is part of ? Is this a separate domain then your production internal domain ?
If this is a separate domain and is trusting your internal domain, so that you can authenticate your internal users if were to use the external facing applications from outside your corporate network, then for security move the external domain controller(
s) into the internal network and configure IPSEC through the wirewall such that all communication of the webserver with the DC is secure. Since the domain already trusts the internal production domain, you would be able to authenticate the internal users.
Hope this makes sense.
"Tom Kaminski [MVP]" wrote:
> "John Giblin" <jwgiblin3@hotmail.com> wrote in message
> news:3d6785ec.0407081235.5bb5793a@posting.google.com...
>
> Is the server part of the same Windows domain as the clients?
>
> --
> Tom Kaminski IIS MVP
> http://www.microsoft.com/windowsser...ty/centers/iis/
> http://mvp.support.microsoft.com/
> http://www.iisfaq.com/
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
> http://www.tryiis.com
>
>
>
| |
| John Giblin 2004-07-29, 5:54 pm |
| Thanks, that was very helpful
"LiveUnDead" <LiveUnDead@discussions.microsoft.com> wrote in message news:<8A65990B-4E8B-4EA5-BF1F-DE2227EF44FA@microsoft.com>...
> Where is the domain controller for the domain this server is part of ? Is this a separate domain then your production internal domain ?
>
> If this is a separate domain and is trusting your internal domain,
so that you can authenticate your internal users if were to use the
external facing applications from outside your corporate network, then
for security move the external domain controller(s) into the internal
network and configure IPSEC through the wirewall such that all
communication of the webserver with the DC is secure. Since the domain
already trusts the internal production domain, you would be able to
authenticate the internal users.[vbcol=seagreen]
>
> Hope this makes sense.
>
> "Tom Kaminski [MVP]" wrote:
>
|
|
|
|
|